ush.it - a beautiful place

Jetty 6.x and 7.x Multiple Vulnerabilities

October 25, 2009 at 5:00 am - Filed under aa, bb - 2607 words, reading time ~8 minutes - Permalink - Comments

Jetty is a pure Java application server used by big players like Google (Google AppEngine, Google Web Toolkit) and many projects and products like Eclipse, Alfresco Developers, Bea WebLogic Business Connect and WebLogic Event Server, Cisco Subscriber Edge Services Manager, Sybase EAServer, Apache Geronimo, HP OpenView Interconnect Tools and HP Openview Self-Healing, JFox, Zimbra Desktop and others (here a more complete list http://docs.codehaus.org/display/JETTY/Jetty+Powered). Finding a bug in such a wildspread component is something definitely interesting as the exploitation scenarios are many. We were procrastinating a little too much on this advisory but a CORE advisory burned some of our research and this month we found the time to contact the vendor and follow our disclosure procedure. As always enjoy the reading!

Vtiger CRM 5.0.4 Multiple Vulnerabilities

August 18, 2009 at 3:55 pm - Filed under aa, bb - 1780 words, reading time ~5 minutes - Permalink - Comments

In our publication PHP filesystem attack vectors - Take Two we highlighted some issues that can occur in applications written in PHP that make use of filesystem operations. This advisory for the Vtiger CRM, version 5.0.4, application is an example on how such generic issues can impact the security of a real world application.

PHP filesystem attack vectors - Take Two

July 26, 2009 at 2:31 am - Filed under aa, bb - 2669 words, reading time ~8 minutes - Permalink - Comments

Did you enjoyed our previous "PHP filesystem attack vectors" research? This is the second part and continuation of that paper and highlight new ways to evade filters using some path normalization issues. Have a nice reading!

SugarCRM 5.2.0e Remote Code Execution

June 13, 2009 at 6:44 pm - Filed under aa, bb - 1524 words, reading time ~5 minutes - Permalink - Comments

FormMail 1.92 Multiple Vulnerabilities

May 12, 2009 at 4:19 am - Filed under aa, bb - 1928 words, reading time ~6 minutes - Permalink - Comments

Do you remember FormMail? I hope so. It's PERL code belonging to the past, the glorious 1995 Internet era. FromMail is a CGI script used to create contact forms, but not a common one, it's historical with millions of downloads and has a dedicated Wikipedia page (http://en.wikipedia.org/wiki/FormMail). By the way it's still used in both small and big deployments. FromMail development stopped in 1996, with the exception of security updates and the last security issue is from April 19, 2002. Now one could expect a software to be bugfree after 13 years of feature freeze and "stable" status. Well.. this is why we are here : ) Don't expect code execution, just enjoy the reading.

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

March 3, 2009 at 9:10 pm - Filed under aa, bb - 1792 words, reading time ~5 minutes - Permalink - Comments

Multiple Vulnerabilities exist in Zabbix front end software ranging from Remote Code Execution (RCE), to Cross Site Request Forgery (CSRF) and Local File Inclusion (LFI).

PHP filesystem attack vectors

February 8, 2009 at 3:13 am - Filed under aa, bb - 6792 words, reading time ~22 minutes - Permalink - Comments

On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some time before that was a new attack vector for filesystem functions (fopen, (include|require)[_once]?, file_(put|get)_contents, etc) for the PHP language. It was a path normalization issue and I asked them to keep it "secret" [4], this was a good idea cause my analisys was mostly incomplete and erroneous but the idea was good and the bug was real and disposable.

XSS Cheat Sheet: non repeating payloads

January 26, 2009 at 12:40 pm - Filed under aa, bb - 206 words, reading time ~0 minutes - Permalink - Comments

We always try to add something on topics discussed in old articles, if you liked XSS Cheat Sheet: the PLAINTEXT tag and XSS Cheat Sheet: two stage payloads perhaps you'll like this one. This article contains a more complete list of ways to avoid multiple execution of your payloads, it's a fast reading!

25C3 (CCC Congress 2008) Tricks: makes you smile

January 6, 2009 at 10:58 pm - Filed under aa, bb - 969 words, reading time ~3 minutes - Permalink - Comments

Finally back from CCC Conference 2008, thanks Berlin you always provide heaps of fun!

Reed's Alert! Got something burning? Tell USH team.
THP USH (HTTPS) Wisec DigitalBullets TheHackersPlace network